UAH

Software Vulnerability Assessment

Draw from your instructor's extensive experience to gain techniques for discovering unseen and elusive software security flaws. Learn information assurance security concepts as they relate to software assurance. Study the business case for software security and why we care about it. Become conversant in taxonomies and classifications, the Common Weakness Enumeration (CWE), and the types of vulnerabilities. Participate in exercises to recognize attacks and their mitigations, and to use tools for static analysis, dynamic analysis, and BackTrack. Benefit from explicit examples and learn how to perform general-level forensics. Leave the program knowing how to inspect software of various scopes and functions for its security.

    Topics Include:
    • Information Assurance Security
      • Confidentiality, integrity, availability, authentication, audit logging, exception handling
      • Risk management concepts (vulnerability, threat, attack vector/surface, mitigation through application of security controls)
      • Security models and access control (Bell-La Padula, Biba, Clark-Wilson, Brewer-Nash)
      • Trusted computing (Trusted Computing Base, Trusted Platform)
    • Business Case - Why We Care About Software Security
      • Regulatory and privacy reasons for safeguarding
        • HIPAA, SOX, etc.
      • Intellectual property protection
        • Trade secrets, copyright, patent infringement
      • Protect national security (Department of Defense, national infrastructure)
      • Protect reputation
    • Taxonomy, Classification, etc.
      • Common Vulnerabilities and Exposures (CVE), National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), US-CERT Bulletins, OWASP
      • Purdue paper
    • Vulnerabilities
      • Memory safety violations, such as:
        • Buffer overflows
        • Stack overflow
        • Heap overflow
        • Dangling pointers
      • Input validation errors, such as:
        • Format string attacks
        • SQL injection
        • Code injection
        • E-mail injection
        • Directory traversal
        • Cross-site scripting in web applications
        • HTTP header injection
        • HTTP response splitting
      • Race conditions, such as:
        • Time-of-check-to-time-of-use bugs
        • Symlink races
      • Privilege-confusion bugs, such as:
        • Cross-site request forgery in web applications
        • Clickjacking
        • FTP bounce attack
    • Attacks
    • Mitigations
      • Defensive coding practices
        • Coding standards
      • Secure design principles
    • Tools
      • Static analysis
        • Checkstyle
        • FindBugs
        • Coverity
      • Dynamic analysis
        • Fortify (both static and dynamic analysis)
      • BackTrack (comprehensive collection of security-related tools)
        • Information gathering, vulnerability assessment, exploitation tools, privilege escalation, maintaining access, reverse engineering, RFID tools, stress testing
      • Forensics
        • Kali (collection of security tools)
    • Examples
      • Discuss vulnerabilities through visual inspection of code
      • Demonstrate how vulnerabilities can be exploited
      • Penetration testing

    Prerequisites:
    Programming proficiency in a language (e.g. C++, Java); understanding of operating system concepts; and familiarity with networking concepts (e.g. the OSI model and network devices).
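As an added illustration of the code-inspection exercises listed above (this is example code written for this page, not material from the course itself), the following C snippet shows the first vulnerability class in the outline, a stack-based buffer overflow, next to a hardened version of the same function. The function names, the greeting, and the 16-byte buffer size are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* assumed fixed-size buffer for this example */

/* Vulnerable: strcpy() stops only at the input's NUL byte, so any input of
 * 16 or more characters writes past the end of 'name' into the rest of the
 * stack frame (saved registers, return address). This is the pattern a code
 * reviewer should flag: an unbounded copy into a fixed-size buffer. */
int greet_unsafe(const char *input)
{
    char name[NAME_MAX_LEN];
    strcpy(name, input);           /* no length check: the flaw */
    printf("hello, %s\n", name);
    return 0;
}

/* Hardened: establish the input length within the buffer bound first and
 * refuse anything that would not fit together with its terminator.
 * Rejecting is preferable to silent truncation (strncpy), which can also
 * leave the buffer without a NUL byte. Returns 0 on success, -1 if rejected. */
int greet_safe(const char *input)
{
    char name[NAME_MAX_LEN];
    /* Search for the terminator only within NAME_MAX_LEN bytes; memchr stops
     * at the first match, so a short input is never over-read either. */
    const char *nul = memchr(input, '\0', NAME_MAX_LEN);
    if (nul == NULL)
        return -1;                 /* too long: reject instead of overflowing */
    size_t len = (size_t)(nul - input);
    memcpy(name, input, len + 1);  /* copies the terminator too */
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    greet_safe("alice");                              /* fits: prints a greeting */
    if (greet_safe("a-name-that-is-far-too-long") != 0)
        puts("rejected over-long input");
    /* greet_unsafe() with that same over-long input would corrupt the stack. */
    return 0;
}
```

The inspection cue is the same for strcpy, sprintf, gets and friends: a write into a fixed-size stack or heap buffer whose length is decided by the attacker. Static analysers such as those listed in the Tools section flag this pattern mechanically; the exercise is to recognize it by eye.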
